Dangerous APIs

Definite problems

List issues known to be present in the code base. Mark each one as security-relevant or non-relevant. This includes API misuse such as missing return value checks from `malloc` or `setuid`/`setgid`. This may include dead code (especially conditionally compiled code).

Possible problems

The same list, but this time for issues which are likely, but not definitely present in the source code.

Recommendations

Give recommendations based on the observations which do not fit in the previous categories.